I'll excuse the metadata issues for a while if you build the app in such a way that confidentiality is protected independent of your infrastructure, and if pushing a "bad" app to clients is detectable. It's still a pain if targeted malware is pushed to individual clients, as those clients are unlikely to detect it. There are some emerging ways to address that, but first things first.
You have literally billions of dollars; it would take at most millions to implement this. Making an app with 450 million uses around the world somewhat more secure would be supremely meaningful, even if it's not perfect.
I empathize with Jan & I think he believes what he has written, but does he think Facebook bought them for no reason at all? If he wants us to take him seriously he should explain how Whatsapp intends to make money for Facebook. Even implementing OTR won't totally protect users' privacy, so long as a megacorp is capable of performing traffic analysis.
If the guy was that concerned about privacy he wouldn't sell to the company with one of the worst reputations for privacy.
He made the choice and that's fine, but this communication is effectively meaningless. Actions speak louder than words.
Respect for your privacy is coded into our DNA, and we built WhatsApp
around the goal of knowing as little about you as possible: You don’t
have to give us your name and we don’t ask for your email address. We
don’t know your birthday. We don’t know your home address. We don’t
know where you work. We don’t know your likes, what you search for on
the internet or collect your GPS location. None of that data has ever
been collected and stored by WhatsApp, and we really have no plans to
"You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that."
Great: they don't take my PII - but a person can easily be de-anonymized with just meta-data.
In addition, nowhere does it say "we won't read your messages" or "we won't sell your conversations". I think they are interested in much more than just meta-data. If I were Facebook, I would be licking my chops at the prospect of access to the mountain of saved private conversations.
In his list, they don't-not collect A. my phone number, and B. my entire message history. Certainly he knows that our phone number is PII enough.
It's trivial for someone with the means to tie a cell number back to a person, and only slightly less trivial to look at timestamps and cross-reference tower locations and messages to have a quality bit of intel.
If he was truly about this "we're not the Stasi" bit, I'd imagine we'd see some measure of assurance they don't store messages.
But, then again I don't know that the service would have been worth 19B USD without those.
So...yea, not exactly anonymous.
scaring people into thinking we’re suddenly collecting all kinds of new data
With no disrespect intended towards the whatsapp team, given the terms of the deal, it's a bit hard for them to say "If partnering with Facebook meant X we wouldn't have done it" unless X is "life would not have been as staggeringly beneficial to us".
...said every acquisition ever
Ok, is that another way of saying they know it already since it was in another users contacts that got synced to there server?
1. they both know your mobile phone book.
2. they both know your imei
3. they both know your phone number(this doesn't have to be the same by the time you sign up for the other)
just no.1 is already enough to get an accurate estimate on who the person is. notice how they never said that they didn't log that information?
it's also very unlikely that they don't have access logs to their service, which usually includes ip's i.e. location, but for all we know they could be encoding carrier information in a couple of bytes during the transmission of the contact list.
edit: while the mobile ip's don't give you exact information, they still give you enough heuristics to overlap them with other services
In mobile data world, the norm is MASSIVE NAT. Thousands of users per IP (you can IIRC make 65535 distinct connections over a single NATd IP). Also, the connections are usually terminated in one (or fairly few) data centres, so the IP only tells you the country and the provider, nothing more.
They turned evil and that's why me and my friends started using Telegram.
They don't care but privacy, they care about money, let's cut the BS.
I don't understand how the whatsapp CEO can come out with a statement like this while presiding over a program that behaves like this.
In fact, doesn't Whatsapp have more users than Facebook? That might be worth more than the message archives.
"Respect for your privacy is coded into our DNA"
Suit the word to the action.
What encryption does Whatsapp use? Their FAQ doesn't say.
It also doesn't say if it is end-to-end (client-to-client) encryption or if the data is stored in plain on their servers? (I understand it is not stored permanently.)